The news is now littered with stories of “failed” home security systems. It’s a worrying problem; they can cost homeowners their money, their health, and their sanity.

Here we take a look at some of the most notable home security hacks – exploring what happened and why it happened…

Comcast Catastrophes

In the autumn of 2013 Washington state resident Leena Rawat and her family bought a new home that came without an alarm system. Being security-conscious homeowners, they immediately went out and bought one – opting for Comcast’s “intruder proof” XFINITY Home package.

The system is supposedly part of Comcast’s wider smart home offering, which allows users to control connected devices from a smart phone app. The home security system can send you real-time alerts when doors and windows are opened, can stream live video from inside or outside your home, and can even incorporate existing equipment.

The package isn’t cheap. Basic fees are $30-$40 per month, and the early cancellation fee is an eye-watering $770.

Fast forward 12 months and their new family home turned into a house of horrors. Intruders broke in through the basement window, and no alarm was raised by the system. They attacked Leena’s 18-year-old son whilst he slept, leaving him with life-threatening injuries.

Subsequent investigations discovered that Comcast didn’t install motion detectors on the basement window, but still signed off the system as secure. Comcast have a contract clause that waives them of any responsibility – but the Rawats are currently testing that in the courts.

This is far from the only Comcast catastrophe; in the middle of last year a Houston family discovered their Comcast alarm system hadn’t been operational since 2007 – even though they’d been paying for it. Comcast’s response? A $20 gift certificate.

The Lesson to Learn

Don’t trust Comcast seems the most obvious takeaway…

On a more serious note, this could happen to anyone. Whether you’ve done a DIY installation, contracted a professional security firm, or hired an ISP, mistakes can happen and threats can be overlooked.

Once the installation of the home security system is complete you need to test, retest, and test again. Check every window and every door and make sure the alarm sounds when it’s breached. Thereafter check your system at least once a month – you should check it with the same regularity as you test batteries in your smoke detectors.

The problem arises because so many of the devices are configured insecurely due to the manufacturer defaults, and the owners never bother to change them.

For example, in late-2014 a Russian website was found hosting hundreds of feeds of live footage from inside UK homes and businesses; it had hacked the aforementioned devices. The website’s owner claimed he was merely proving a point by using the default login credentials for the hacked cameras – credentials that are widely available online.

At the time, the UK’s Information Commissioner’s Office said there were at least 35,000 exposed devices sold in the country in the previous 12 months.

The Lesson to Learn

You have to take responsibility for your own security. Always delve into the settings of a new system when you install it – even for something that seems as insignificant as a smart baby monitor. Failure to do so could make your home more insecure than if you didn’t buy the system in the first place.

If in doubt about how to edit settings, call the manufacturer’s customer hotline. Alternatively, you could even ask one of our very own experts!

Disabled Wireless Alarms

On the surface, wireless alarms as part of a home security system seem like a great idea. They are free of the usual risks that go hand-in-hand with wired systems (such as cut telephone lines and cut alarm lines), they can be easily installed and aren’t constrained by wiring considerations. They can be easily expanded, and they can be packed up and moved if you buy a new home.

However, there are still some inherent hazards to consider.

Even though the devices aren’t connected to the Internet, they are not safe from hackers. Logan Lamb, a security researcher at Oak Ridge National Lab, conducted his own private research last summer and found that several of the top manufacturers – including companies that sell systems in the US – can be easily compromised.

The vulnerabilities arise from all wireless alarm systems’ reliance on radio frequency signals to communicate between the sensors and the central control system.

This leads to two main problems. Firstly, because the systems failed to encrypt or authenticate the signals, anyone could intercept and decipher them and then play them to the control system as they pleased. Secondly, the signals could be jammed to prevent them from triggering an alarm.

Lamb claimed he could intercept signals and communicate with the central control system with his own $1,700 software defined radio (SDR) device from a range of 250 meters, and that he could jam the signals from about 10 meters.

He went on to claim that even though a cheap Realtek SDR device ($10 on Amazon) couldn’t send signals, it could still receive them and thus give a burglar a clear idea of when a window was left open or where in the house an occupant was at any given moment.

The Lesson to Learn

There isn’t really a clear winner in the wired alarm vs wireless alarm debate. Both have their own pros and cons. What’s important is that you shouldn’t just install one home security system and assume that you are covered.

Every system has its weak points, so protect against those weak points by installing secondary systems. Even the more traditional methods of protection, such as putting bars over your windows or buying motion-sensitive outside lights, can be enough of a deterrent when used in conjunction with a good alarm system.

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

targeted2much

January 7, 2018 at 7:35 pm

I have been going through an experience that has changed me forever. It all started back in 2015 when I started catching on to the consequences that had occured due to my home network being severely compromised. I'll admit I had been foolish enough to keep a laptop open and connected to my home wifi 24/7. I am a writer and at that time it seemed convenient. That became my biggest vulnerability. All of these methods are advertised to appeal to your convenience. But during my investigations since this happened I have found that just about everything has existing allocations that leave you wide open for anyone with malicious intent. The common person isn't aware of all of this. Plus the companies make no effort to really inform you except in those little bitty fine lined printed terms and agreements. If you really read all of them...not just until the agree option becomes available...but to the full extent...you will see that just by continuing past that very second you are for forfeiting all of your rights to even your own voice. Then all it takes is the betrayal of someone that you've allowed into your own enviroment at some point that has some experience in technology. It's not hard to find out the info that you would need to compromise someone. Most people leave all those labels on their modems, routers and pc's. They usually provide all the info that's needed. But I also found out really quick that liability and EULA agreements mean more than life and most security measures that you implemented will bail on you. It all depends on the particular mood of whatever customer service representative that happens to answer your call. They will ask you how they can help you. You think they care cause they are asking. So you go into detail of everything that's transpired so far only to find out that you are just talking to the janitor. Wth is the janitor answering the phone anyways?! But none the less they can't help you but of course they'll connect you to someone who can. So then you are put on hold listening to advertisements while someone is hacking the crap out of you. You'll finally realize that this gets you no where. If someone broke into your home and was trying to kill you but the only place your phone was programed to call was customer service you'd be good as dead. You'd call them asking if they'd just call 911 for you cause someone was trying to kill you and their response would be "I am sorry! That's not my department. But good luck with that and if you don't care please finish the survey on my performance at the end of this call. Thanks!" Lol
I realize when there's been physical access by someone that you allowed in your enviroment that it's all your fault. No one could provide you much security when that's the situation. But still help me secure myself!! It's been going on for three years now. I have notebooks of notes. I lose admin rights of every device and account I make. It looks like I am selling myself online. My own children are added to my block list through my voicemail at random times. I continue to receive pings of death from an ip from China in my router logs. I've called the police everytime someone like even Sony told me to. I live in a one horse town. They don't know what to do. Plus I had to just quit talking about it or else I was gonna end up commited against my will lol! I have legit solid proof of all the crazy stuff I've found as a result of what's been done to me. No one should ever be able to get away with doing this to someone. I have a bad past. But I own it. And while I was in those trenches of hell I did learn some valuable knowledge. Someone had to go there to obtain it. I spend my entire existence trying to warn others about what not to. I could very well be the reason your child choses to "just say no" someday. But I have enemies that do not want me to succeed. I guess because it would only shine more light on what they are still doing wrong. But this isn't about me or them. It's about my son. It's about the intervention that he needs in his life NOW for his future! If this keeps going on...in the end...he gets nobody!

99% may be an exaggeration. But 85% is probably close. Your typical Burglar is not exceptionally bright and is after a quick buck. However, if there is something in your house that he knows about that he wants. Neither the sign or the full alarm is going to keep him from trying. Also, if you are dumb enough to advertise that you are out of town, or that you have something he wants, the sign becomes less effective. That doesn't mean you can stop locking your doors though. And, your insurance won't give a discount for just a sign. A $99 system with a sign is a better deterrent than an expensive system without the sign. The purpose of having an alarm is not to catch a crook, but to get the crook to go somewhere else. A barking dog works well also.

Former (retired) independent alarm company owner. My own experience in the industry was that most alarm installers at the big companies are low paid and under trained. The sales people are commissioned and will tell you anything to get that sale. You are not buying an alarm system, you are signing up for a monitoring service for 3 to 5 years. To get your signature ob that contract they will practically give you the hardware. That contract is iron clad - you WILL pay that monthly fee for the entire length of that contract - even if you move and cannot get the new owner to pick up the contract. The alarm company will push a minimum feature low cost system to get you interested , then add on more stuff. The base system is wireless, 2 door contacts, 1 motion sensor and a keypad. (varies from company to company) You have 3 doors? Pay me. you want sensors on ground floor windows? pay me. You want a keypad on the back door? Pay me. You want a smoke detector? Pay me. Everything costs extra. Then if you don't have a wired telephone, you will need a Cell phone add on.

Now remember that underpaid poorly trained installer? He may put things in wrong, set up the system wrong or damage something in his rush to finish in the time his boss allocated to your install. The most important part of the system is the cheapest - that unsightly yard sign will act as a deterrent. A typical burglar will pass up a house with an alarm sign because there is a house without one right down the street.

Then, about one third of home alarms are turned off by the homeowner within 18 months. Because they are just too much trouble. You still pay the fee though. Believe me you won't be able to break that contract.

If you get a $99 system, you have a cheap system that you will not be happy with. Be willing to pay for a better system that does what you want. Get quotes from several companies and ask a lot of questions. I could go on for several pages, but this is all for now.

Dan is a British expat living in Mexico. He is currently a Senior Writer and the Affiliate Optimization Manager for MakeUseOf. At various times, he has been the Social Editor, Creative Editor, and Finance Editor. He is also an Editor for MUO's sister site, Blocks Decoded and a Senior Writer for VPN Proof. Prior to his writing career, he was…